Ars Technica

Attack wrangles thousands of web users into a password-cracking botnet

Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors’ browsers to perform password-cracking attacks. A web search for the ...
Bleeping Computer

Chrome extensions can steal plaintext passwords from websites

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code. An ...